{"id":58758,"date":"2020-09-02T13:10:25","date_gmt":"2020-09-02T03:10:25","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=58758"},"modified":"2020-09-02T13:10:25","modified_gmt":"2020-09-02T03:10:25","slug":"cybercrime-deterrence-and-evading-attack","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/cybercrime-deterrence-and-evading-attack\/","title":{"rendered":"Cybercrime, deterrence and evading attack"},"content":{"rendered":"<figure><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"683\" class=\"alignnone size-full wp-image-58761\" src=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/09\/GettyImages-1211379560.jpg\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/09\/GettyImages-1211379560.jpg 1024w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/09\/GettyImages-1211379560-205x137.jpg 205w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/09\/GettyImages-1211379560-768x512.jpg 768w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/09\/GettyImages-1211379560-332x221.jpg 332w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<p>Australia\u2019s <a href=\"https:\/\/www.homeaffairs.gov.au\/cyber-security-subsite\/files\/cyber-security-strategy-2020.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">2020 cybersecurity strategy<\/a> says the government will publicly call out, when it is in the nation\u2019s interests to do so, countries responsible for unacceptable intrusions or activity. It\u2019s appropriate for the world\u2019s 13th largest economy to have that capability and to be prepared to use it. But what are the options for economies that are much smaller or less developed?<\/p>\n<p>When an organisation or government detects malicious online activity or a breach of cybersecurity, the first question often asked is who is behind the attack. Significant resources and capabilities must then be engaged to identify and disable the perpetrator.<\/p>\n<p>The quest to know one\u2019s enemy makes sense for strategic reasons and also for assessment reasons. Knowing the origins or originator of an attack can facilitate counterattacks and enable assessments of whether it is a lone wolf, an issue-motivated group, an organised criminal syndicate or a state-sponsored actor. A country like Australia can choose either not to respond or to adopt \u2018<a href=\"https:\/\/www.homeaffairs.gov.au\/cyber-security-subsite\/files\/cyber-security-strategy-2020.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">a range of targeted and decisive responses<\/a>\u2019. The diplomatic options range from keeping the knowledge confidential to public naming and shaming. For countries with lower capabilities, the options are more limited.<\/p>\n<p>The confidential or \u2018quiet diplomacy\u2019 response to state-sponsored interference can be criticised as weak, ineffectual and unlikely to result in anything more than a denial from the accused government. While it might seem to be at the flaccid end of the spectrum of possible responses, a confidential response can nevertheless serve a useful purpose.<\/p>\n<p>When one government tells another that it\u2019s aware of malicious cyber activity originating from one of its agencies, it lifts the veil of anonymity and introduces a threat of consequences if the activity continues. At the very least, it introduces distrust, or affirms existing distrust, in the bilateral relationship, making attainment of foreign policy objectives more difficult. And if the bilateral relationship is already antagonistic or distrustful, the affected country might well be encouraged to opt for public naming and shaming, which has the added sting of informing and thereby warning the rest of the world.<\/p>\n<p>But many countries\u2014and especially small and developing countries (though not all developing countries)\u2014lack the resources and capabilities to track and investigate the origins of a cyberattack or other malicious online activity. For these countries, the enemy remains unknown or, even if a nation is suspected, unverifiable. In other words, they have no actionable information.<\/p>\n<p>Faced with an asymmetric threat, they may well heed the advice of Sun Tzu in <em>The art of war<\/em> and try to evade the enemy who is superior in strength. But what does a strategy of evasion look like for a country with a low level of <a href=\"https:\/\/www.aspistrategist.ru\/report\/cyber-maturity-asia-pacific-region-2017\" target=\"_blank\" rel=\"noopener noreferrer\">cyber maturity<\/a> that lacks effective cyber-related infrastructure, policies, legislation and organisations?<\/p>\n<p>In an era when the international rules and norms governing relations between states are being challenged, strengthening the self-defence mechanisms of small and medium-sized countries becomes more urgent. Globally, most cybersecurity breaches are due to <a href=\"https:\/\/chiefexecutive.net\/almost-90-cyber-attacks-caused-human-error-behavior\/\" target=\"_blank\" rel=\"noopener noreferrer\">human error<\/a>, such as employee negligence or malicious acts, rather than the vulnerability of computer systems. An evasion strategy needs a focus on human error and human behaviour to control cyber breaches. Countries with a low level of cyber maturity have limited response options, but raising cybersecurity awareness and encouraging safe online practices are within their reach.<\/p>\n<p>In its <a href=\"https:\/\/www.dfat.gov.au\/international-relations\/themes\/cyber-affairs\/Pages\/australias-international-cyber-engagement-strategy\" target=\"_blank\" rel=\"noopener noreferrer\">international cyber engagement strategy<\/a>, Australia commits to working with developing countries \u2018to build their technical, legislative and institutional capacity to fight cybercrime\u2019. The cyber cooperation program accompanying the strategy funds programs to implement this commitment. Both the strategy and the cooperation program recognise the importance of online security for economic development and the prevention of losses from cybercrime.<\/p>\n<p>One of the first projects funded under the cooperation program was a <a href=\"https:\/\/en.cyberbaykin.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">cybersecurity capacity- and awareness-raising project in Myanmar<\/a> led by Monash University in collaboration with Myanmar organisations. The primary aim of the project was to minimise \u2018<a href=\"https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167404820302352\" target=\"_blank\" rel=\"noopener noreferrer\">cyber errorism<\/a>\u2019, and rather than engender fear it provided actionable and doable information. More than seven million users were reached by <a href=\"https:\/\/www.facebook.com\/CyberBayKin\/?modal=admin_todo_tour\" target=\"_blank\" rel=\"noopener noreferrer\">the campaign<\/a>. The main lesson learned was that for a campaign to be effective (that is, to change online behaviour) its design needs to based on a thorough understanding of the individual country\u2019s situation, especially its level of cyber maturity, and cultural factors. And this requires locally designed and produced content.<\/p>\n<p>Arguably, a focus on minimising human error through widespread adoption of safe online practices is a more feasible pathway to cybersecurity than a focus on institutional strengthening if capacity and incentives are weak and bureaucratic inertia make effective implementation uncertain.<\/p>\n<p>That said, a cybersecurity strategy is strongest <a href=\"http:\/\/press-files.anu.edu.au\/downloads\/press\/n2304\/pdf\/ch31.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">when it has many components<\/a>, including public awareness, government and private sector cooperation, legislation, global harmonisation of cybercrime laws, and international cooperation. When a range of measures are assembled, the vulnerabilities are closed off and the nation\u2019s or organisation\u2019s defences against cyberattack and malicious online activity are strengthened and the unknown enemy can be evaded.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Australia\u2019s 2020 cybersecurity strategy says the government will publicly call out, when it is in the nation\u2019s interests to do so, countries responsible for unacceptable intrusions or activity. It\u2019s appropriate for the world\u2019s 13th largest &#8230;<\/p>\n","protected":false},"author":1204,"featured_media":58761,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[391,1801,2138,728],"class_list":["post-58758","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cyber","tag-cybercrime","tag-cybersecurity","tag-hacking"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Cybercrime, deterrence and evading attack | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/cybercrime-deterrence-and-evading-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cybercrime, deterrence and evading attack | The Strategist\" \/>\n<meta property=\"og:description\" content=\"Australia\u2019s 2020 cybersecurity strategy says the government will publicly call out, when it is in the nation\u2019s interests to do so, countries responsible for unacceptable intrusions or activity. It\u2019s appropriate for the world\u2019s 13th largest ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/cybercrime-deterrence-and-evading-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2020-09-02T03:10:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/09\/GettyImages-1211379560.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"683\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Nicholas Coppel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nicholas Coppel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cybercrime-deterrence-and-evading-attack\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/09\/GettyImages-1211379560.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/09\/GettyImages-1211379560.jpg\",\"width\":1024,\"height\":683,\"caption\":\"29 April 2020, Bavaria, Ebing: ILLUSTRATION - A man sits at a computer and types on a keyboard. Photo: Nicolas Armer\/dpa (Photo by Nicolas Armer\/picture alliance via Getty Images)\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cybercrime-deterrence-and-evading-attack\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/cybercrime-deterrence-and-evading-attack\/\",\"name\":\"Cybercrime, deterrence and evading attack | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/cybercrime-deterrence-and-evading-attack\/#primaryimage\"},\"datePublished\":\"2020-09-02T03:10:25+00:00\",\"dateModified\":\"2020-09-02T03:10:25+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/29d14da6e8c1081ce82a87eca5c1d77e\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/cybercrime-deterrence-and-evading-attack\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/cybercrime-deterrence-and-evading-attack\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cybercrime-deterrence-and-evading-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybercrime, deterrence and evading attack\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/29d14da6e8c1081ce82a87eca5c1d77e\",\"name\":\"Nicholas Coppel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a8fb5aa6e357878acc122f56b044cd39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a8fb5aa6e357878acc122f56b044cd39?s=96&d=mm&r=g\",\"caption\":\"Nicholas Coppel\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/nicholas-coppel\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cybercrime, deterrence and evading attack | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/cybercrime-deterrence-and-evading-attack\/","og_locale":"en_US","og_type":"article","og_title":"Cybercrime, deterrence and evading attack | The Strategist","og_description":"Australia\u2019s 2020 cybersecurity strategy says the government will publicly call out, when it is in the nation\u2019s interests to do so, countries responsible for unacceptable intrusions or activity. It\u2019s appropriate for the world\u2019s 13th largest ...","og_url":"https:\/\/www.aspistrategist.ru\/cybercrime-deterrence-and-evading-attack\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2020-09-02T03:10:25+00:00","og_image":[{"width":1024,"height":683,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/09\/GettyImages-1211379560.jpg","type":"image\/jpeg"}],"author":"Nicholas Coppel","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Nicholas Coppel","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/cybercrime-deterrence-and-evading-attack\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/09\/GettyImages-1211379560.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/09\/GettyImages-1211379560.jpg","width":1024,"height":683,"caption":"29 April 2020, Bavaria, Ebing: ILLUSTRATION - A man sits at a computer and types on a keyboard. Photo: Nicolas Armer\/dpa (Photo by Nicolas Armer\/picture alliance via Getty Images)"},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/cybercrime-deterrence-and-evading-attack\/","url":"https:\/\/www.aspistrategist.ru\/cybercrime-deterrence-and-evading-attack\/","name":"Cybercrime, deterrence and evading attack | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/cybercrime-deterrence-and-evading-attack\/#primaryimage"},"datePublished":"2020-09-02T03:10:25+00:00","dateModified":"2020-09-02T03:10:25+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/29d14da6e8c1081ce82a87eca5c1d77e"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/cybercrime-deterrence-and-evading-attack\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/cybercrime-deterrence-and-evading-attack\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/cybercrime-deterrence-and-evading-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Cybercrime, deterrence and evading attack"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/29d14da6e8c1081ce82a87eca5c1d77e","name":"Nicholas Coppel","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a8fb5aa6e357878acc122f56b044cd39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a8fb5aa6e357878acc122f56b044cd39?s=96&d=mm&r=g","caption":"Nicholas Coppel"},"url":"https:\/\/www.aspistrategist.ru\/author\/nicholas-coppel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/58758"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/1204"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=58758"}],"version-history":[{"count":4,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/58758\/revisions"}],"predecessor-version":[{"id":58765,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/58758\/revisions\/58765"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/58761"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=58758"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=58758"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=58758"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}